Roles and Responsibilities

7.0 Roles and Responsibilities
If CJI is improperly disclosed, lost, or reported as not received, the following procedures must be immediately followed
1. [Agency name] personnel shall notify his/her supervisor or LASO, and an incident-report form must be completed and submitted within 24 hours of discovery of the incident. The submitted report is to contain a detailed account of the incident, events leading to the incident, and steps taken/to betaken in response to the incident. (Agency Discretion)
2. The supervisor will communicate the situation to the LASO to notify of the loss or disclosure of
CJI records.
3. The LASO will ensure the CSA ISO (CJIS System Agency Information Security Officer) is promptly informed of security incidents.
4. The CSA ISO will a. Establish a security incident response and reporting procedure to discover, investigate, document, and report to the CSA, the affected criminal justice agency, and the FBI CJIS Division ISO major incidents that significantly endanger the security or integrity of CJI. b. Collect and disseminate all incident-related information received from the Department of Justice (DOJ), FBI CJIS Division, and other entities to the appropriate local law enforcement POCs within their area. c. Act as a single POC for their jurisdictional area for requesting incident response assistance.

8.0 Penalties
Violation of any of the requirements in this policy by any authorized personnel will result in suitable disciplinary action, up to and including loss of access privileges, civil and criminal prosecution and / or termination. Other Related Resources
• Media Sanitization and Destruction Policy (Required)
• Physical Protection Policy (Required)
• Personally Owned Device Policy (if allowed) (Required)
3